On Wed, Jul 25, 2012 at 1:50 AM, David R <rewt@linux-elite.org> wrote:
Hello,

I wondered how i could for example:

Whitelist the "param" argument for the url /prout.php on the vhost www.host.com
from 950901 rule id.

The maximum that i am able to do is:

SecRule REQUEST_HEADERS:Host "www.host.com$"
"phase:1,t:none,nolog,pass,ctl:ruleRemoveById=950109;ARGS:param"

How could i include the REQUEST_URI "^/prout\.php" to that request ?

Hi David,

The ruleRemoveById just takes a rule id as a parameter, the SecRuleUpdateTargetById directive lets you white list certain parameters for a given rule. While you can chain rules together to add the REQUEST_URI parameter condition, you can also use Apache Location directives as well, e.g.:

SecRule REQUEST_HEADERS:Host "www.host.com" "phase:1,t:none, \
  nolog,id:1,chain,pass,ctl:ruleUpdateTargetById=950109!ARGS:param"
  SecRule REQUEST_URI "^/prout\.php"

or 

<Location /prout.php>
  SecRule REQUEST_HEADERS:Host "www.host.com" "phase:1,t:none, \
    nolog,id:1,pass,ctl:ruleUpdateTargetById=950109!ARGS:param"
</Location>

--
 - Josh